US10510074B1ActiveUtility

One-tap payment using a contactless card

98
Assignee: CAPITAL ONE SERVICES LLCPriority: Feb 1, 2019Filed: Feb 1, 2019Granted: Dec 17, 2019
Est. expiryFeb 1, 2039(~12.6 yrs left)· nominal 20-yr term from priority
G06Q 20/4018G06Q 20/385G06Q 20/3825G06Q 20/12G06Q 20/34G06Q 20/322G06Q 20/40G06Q 20/352G06Q 20/3829G06Q 20/409G06F 21/32G06Q 40/02G06Q 20/3821G06Q 20/4015G06Q 20/405G06Q 20/4012G06Q 20/353G06Q 20/3226G06Q 20/4014G06Q 20/3278G06Q 20/3221
98
PatentIndex Score
47
Cited by
624
References
18
Claims

Abstract

One-tap payment using a contactless card. An application may output an indication specifying to tap a contactless card to complete a transaction initiated in the application. The application may receive encrypted data generated by the contactless card based on a private key stored in the contactless card. The application may transmit a merchant identifier, a transaction identifier, and the encrypted data to an authentication server. The authentication server may verify the encrypted data based on the private key for the contactless card stored by the authentication server. A virtual account number server may generate a virtual account number. A merchant server may receive the merchant identifier, the transaction identifier, the virtual account number, an expiration date, and a card verification value (CVV), and process the transaction using the transaction identifier, the virtual account number, the expiration date, and the CVV.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
       1. A system, comprising:
 a plurality of processor circuits; and 
 a memory storing instructions which when executed by one or more of the processor circuits, cause the one or more of the processor circuits to:
 output, by an application executing on a first processor circuit of the plurality of processor circuits, an indication specifying to tap a contactless card to complete a transaction initiated in the application, the transaction associated with a transaction identifier; 
 receive, by the application from a communications interface of the contactless card, encrypted data generated by the contactless card based at least in part on a private key for the contactless card stored in a memory of the contactless card; 
 transmit, by the application: (i) a merchant identifier of a merchant associated with the application, (ii) the transaction identifier, (iii) the encrypted data, and (iv) a location of a device comprising the first processor circuit to an authentication application executing on a second processor circuit of the plurality of processor circuits; 
 verify, by the authentication application, the encrypted data by decrypting the encrypted data based at least in part on the private key for the contactless card; 
 determine, by the authentication application, that the contactless card has previously been used to make a purchase with the merchant; 
 determine, by the authentication application, that the location of the device is within a threshold distance of a known location, the known location to comprise at least one of a home location or a work location associated with the contactless card; 
 generate, by a virtual account number generator executing on a third processor circuit of the plurality of processor circuits based on the verification of the encrypted data, the determination that the contactless card has previously been used to make a purchase with the merchant, and the determination that the device is within the threshold distance of the known location by the authentication application, a virtual account number; 
 transmit, by the virtual account number generator, the merchant identifier, the transaction identifier, the virtual account number, an expiration date associated with the virtual account number, and a card verification value (CVV) associated with the virtual account number to a merchant server executing on a fourth processor circuit of the plurality of processor circuits, the merchant server associated with the merchant; and 
 process, by the merchant server, the transaction using the transaction identifier, the virtual account number, the expiration date, and the CVV. 
 
 
     
     
       2. The system of  claim 1 , wherein the expiration date and the CVV comprise one or more of: (i) an expiration date and a CVV generated by the virtual account number generator, and (ii) an expiration date and a CVV of the contactless card received by the virtual account number generator from an account database, the memory storing instructions which when executed by one or more of the processor circuits, cause the one or more of the processor circuits to:
 receive, by the virtual account number generator from the account database, an account holder name of an account associated with the contactless card and an address associated with the account; and 
 transmit, by the virtual account number generator, the account holder name and address to the merchant server, the merchant server further to process the transaction using the account holder name and address. 
 
     
     
       3. The system of  claim 2 , the memory storing instructions which when executed by one or more of the processor circuits, cause the one or more of the processor circuits to:
 generate, by the merchant server, a transaction record in a transaction database comprising the transaction identifier, the virtual account number, the expiration date, the CVV, the account holder name, the address, and at least one of an indication of a purchased product and an indication of a purchased service; 
 transmit, by the merchant server to the application, an indication that the transaction was processed; and 
 output, by the application, the indication that the transaction was processed on a display. 
 
     
     
       4. The system of  claim 3 , the memory storing instructions which when executed by one or more of the processor circuits, cause the one or more of the processor circuits to:
 determine, by the merchant server, an address conflict based on the address being different than a known address specified in a user profile; 
 transmit, by the merchant server, the address and the known address to the application; 
 output, by the application on a display of the device, an indication of the address and the known address; 
 receive, by the application, selection of one of the address and the known address; and 
 transmit, by the application, the selected one of the address and the known address to the merchant server to resolve the address conflict, the merchant server to process the transaction using the selected one of the address and the known address. 
 
     
     
       5. The system of  claim 1 , the memory storing instructions which when executed by one or more of the processor circuits, cause the one or more of the processor circuits to:
 receive, by the application, authentication information for a user account associated with the contactless card, the authentication information comprising one or more of: (i) a username and a password, (ii) one or more biometric credentials; and 
 transmit, by the application, the received authentication information to the authentication application, the authentication application to verify the authentication information. 
 
     
     
       6. The system of  claim 1 , wherein the communications interface of the contactless card is configured to support at least one of near field communication (NFC), Bluetooth, and Wi-Fi, the merchant server to process the transaction without receiving the virtual account number, the expiration date, the CVV, an account holder name, and an address from the application and without requiring a user of the application to provide authentication information to the application to authenticate with an account associated with the merchant, the memory storing instructions which when executed by one or more of the processor circuits, cause the one or more of the processor circuits to:
 determine, by the authentication application, a device identifier received from the application is associated with a user account associated with the contactless card. 
 
     
     
       7. A method, comprising:
 outputting, by an application executing on a processor circuit, an indication specifying to tap a contactless card to complete a transaction initiated in the application, the transaction associated with a transaction identifier; 
 receiving, by the application from a communications interface of the contactless card, encrypted data generated by the contactless card based at least in part on a private key for the contactless card stored in a memory of the contactless card; 
 transmitting, by the application: (i) a merchant identifier of a merchant associated with the application, (ii) the transaction identifier, (iii) the encrypted data, and (iv) a location of a device comprising the processor circuit to an authentication server; 
 verifying, by the authentication server, the encrypted data by decrypting the encrypted data based at least in part on the private key for the contactless card stored in a memory of the authentication server; 
 determining, by the authentication server, that the contactless card has previously been used to make a purchase with the merchant; 
 determining, by the authentication server, that the location of the device is within a threshold distance of a known location associated with the contactless card, the known location to comprise at least one of a home location or a work location associated with the contactless card; 
 generating, by a virtual account number server based on the verification of the encrypted data, the determination that the contactless card has previously been used to make a purchase with the merchant, and the determination that the device is within the threshold distance of the known location by the authentication server, a virtual account number; 
 transmitting, by the virtual account number server, the merchant identifier, the transaction identifier, the virtual account number, an expiration date associated with the virtual account number, and a card verification value (CVV) associated with the virtual account number to a merchant server associated with the merchant; and 
 processing, by the merchant server, the transaction using the transaction identifier, the virtual account number, the expiration date, and the CVV. 
 
     
     
       8. The method of  claim 7 , wherein the expiration date and the CVV comprise one or more of: (i) an expiration date and a CVV generated by the virtual account number server, and (ii) an expiration date and a CVV of the contactless card received by the virtual account number server from an account database, the method further comprising:
 receiving, by the virtual account number server from the account database, an account holder name of an account associated with the contactless card and an address associated with the account; and 
 transmitting, by the virtual account number server, the account holder name and address to the merchant server, the merchant server further to process the transaction using the account holder name and address. 
 
     
     
       9. The method of  claim 8 , further comprising:
 generating, by the merchant server, a transaction record in a transaction database comprising the transaction identifier, the virtual account number, the expiration date, the CVV, the account holder name, the address, and at least one of an indication of a purchased product and an indication of a purchased service; 
 transmitting, by the merchant server to the application, an indication that the transaction was processed; and 
 outputting, by the application, the indication that the transaction was processed on a display. 
 
     
     
       10. The method of  claim 9 , further comprising:
 determining, by the merchant server, an address conflict based on the address being different than a known address specified in a user profile; 
 transmitting, by the merchant server, the address and the known address to the application; 
 outputting, by the application on a display, an indication of the address and the known address; 
 receiving, by the application, selection of one of the address and the known address; and 
 transmitting, by the application, the selected one of the address and the known address to the merchant server, the merchant server to process the transaction using the selected one of the address and the known address. 
 
     
     
       11. The method of  claim 10 , further comprising:
 receiving, by the application, authentication information for a user account associated with the contactless card, the authentication information comprising one or more of: (i) a username and a password, (ii) one or more biometric credentials; and 
 transmitting, by the application, the received authentication information to the authentication server, the authentication server to verify the authentication information. 
 
     
     
       12. The method of  claim 11 , wherein the communications interface of the contactless card is configured to support at least one of near field communication (NFC), Bluetooth, and Wi-Fi, the merchant server to process the transaction without receiving the virtual account number and without requiring a user of the application to provide authentication information to the application to authenticate with an account associated with the merchant, the expiration date, the CVV, an account holder name, and an address from the application, the method further comprising:
 determining, by the authentication server, a device identifier received from the application is associated with a user account associated with the contactless card. 
 
     
     
       13. A non-transitory computer-readable storage medium having computer-readable program code embodied therewith, the computer-readable program code executable by one or more processor circuits of a plurality of processor circuits to:
 output, by an application executing on a first processor circuit of the plurality of processor circuits, an indication specifying to tap a contactless card to complete a transaction initiated in the application, the transaction associated with a transaction identifier; 
 receive, by the application from a communications interface of the contactless card, encrypted data generated by the contactless card based at least in part on a private key for the contactless card stored in a memory of the contactless card; 
 transmit, by the application: (i) a merchant identifier of a merchant associated with the application, (ii) the transaction identifier, (iii) the encrypted data, and (iv) a location of a device comprising the first processor circuit to an authentication application executing on a second processor circuit of the plurality of processor circuits; 
 verify, by the authentication application, the encrypted data by decrypting the encrypted data based at least in part on the private key for the contactless card; 
 determine, by the authentication application, that the contactless card has previously been used to make a purchase with the merchant; 
 determine, by the authentication application, that the location of the device is within a threshold distance of a known location, the known location to comprise at least one of a home location or a work location associated with the contactless card; 
 generate, by a virtual account number generator executing on a third processor circuit of the plurality of processor circuits based on the verification of the encrypted data, the determination that the contactless card has previously been used to make a purchase with the merchant, and the determination that the device is within the threshold distance of the known location by the authentication application, a virtual account number; 
 transmit, by the virtual account number generator, the merchant identifier, the transaction identifier, the virtual account number, an expiration date associated with the virtual account number, and a card verification value (CVV) associated with the virtual account number to a merchant server executing on a fourth processor circuit of the plurality of processor circuits, the merchant server associated with the merchant; and 
 process, by the merchant server, the transaction using the transaction identifier, the virtual account number, the expiration date, and the CVV. 
 
     
     
       14. The non-transitory computer-readable storage medium of  claim 13 , wherein the expiration date and the CVV comprise one or more of: (i) an expiration date and a CVV generated by the virtual account number generator, and (ii) an expiration date and a CVV of the contactless card received by the virtual account number generator from an account database, further comprising computer-readable program code executable by one or more of the processor circuits to:
 receive, by the virtual account number generator from the account database, an account holder name of an account associated with the contactless card and an address associated with the account; and 
 transmit, by the virtual account number generator, the account holder name and address to the merchant server, the merchant server further to process the transaction using the account holder name and address. 
 
     
     
       15. The non-transitory computer-readable storage medium of  claim 14 , further comprising computer-readable program code executable by one or more of the processor circuits to:
 generate, by the merchant server, a transaction record in a transaction database comprising the transaction identifier, the virtual account number, the expiration date, the CVV, the account holder name, the address, and at least one of an indication of a purchased product and an indication of a purchased service; 
 transmit, by the merchant server to the application, an indication that the transaction was processed; and 
 output, by the application, the indication that the transaction was processed on a display. 
 
     
     
       16. The non-transitory computer-readable storage medium of  claim 15 , further comprising computer-readable program code executable by one or more of the processor circuits to:
 determine, by the merchant server, an address conflict based on the address is being different than a known address specified in a user profile; 
 transmit, by the merchant server, the address and the known address to the application; 
 output, by the application on a display of the device, an indication of the address and the known address; 
 receive, by the application, selection of one of the address and the known address; and 
 transmit, by the application, the selected one of the address and the known address to the merchant server to resolve the address conflict, the merchant server to process the transaction using the selected one of the address and the known address. 
 
     
     
       17. The non-transitory computer-readable storage medium of  claim 16 , further comprising computer-readable program code executable by one or more of the processor circuits to:
 receive, by the application, authentication information for a user account associated with the merchant, the authentication information comprising one or more of: (i) a username and a password, (ii) one or more biometric credentials. 
 
     
     
       18. The non-transitory computer-readable storage medium of  claim 17 , wherein the communications interface of the contactless card is configured to support at least one of near field communication (NFC), Bluetooth, and Wi-Fi, further comprising computer-readable program code executable by one or more of the processor circuits to:
 transmit, by the application, the received authentication information to the authentication application, the authentication application to verify the authentication information.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.